Industries have been using the calendar as a means of ensuring people maintain awareness about specific topics. But these methods are a means by which to remind us all what it is that we should be doing year-round. During August, this means that you should have heard about at least one of these two topics, if not both, depending on your industry: insider threat and anti-terrorism awareness.
So why am I just posting this in September? These threats are constants and we always need to be aware — not just in August.
Although these stem from the security industry, it is not exclusive to the security industry. Let’s look at each of these a little closer and what you can do to help prevent it.
Insider Threat
Insider threat: A person from within a company, industry, or country that wittingly or unwittingly does harm to the security of that entity. This could include espionage, terrorism, sabotage, unauthorized disclosure of information (e.g., national security or business proprietary), or a loss of department resources or capabilities.
Anti-Terrorism
Anti-terrorism: the prevention of terrorism.
Per the FBI, terrorism is defined as[1]:
Domestic terrorism: Violent, criminal acts committed by individuals and/or groups to further ideological goals stemming from domestic influences, such as those of a political, religious, social, racial, or environmental nature
International terrorism: Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations (state-sponsored).
Law enforcement certainly plays a large role in monitoring for terrorist activity but that does not mean you don’t have a role.
How to Spot and Mitigate These Threats
To defeat either of these threats, there are things we all can do to help monitor for, and potentially prevent, something bad from happening. In the table below are examples of behaviors or actions that we can watch for that may be indicative of an issue.
Examples of Insider Threat Behaviors
- Is interested in, asks about, or tries to access sensitive information without need or authorization
- Violates security policies repeatedly
- Access the office or remotes into the network at unusual times
- Engages with people or has contacts that may be concerning for a business (e.g., competitors, partners, foreign contacts)
- Publicly denounces or expresses issue with the company, how it operates, or their co-workers
- Sudden and unexplained financial relief
- Hides or covers up internet browsing of websites such as chat or image boards (e.g., 4chan, 8chan, 8kun)
What You Can Do About Insider Threat Behaviors
- Be aware of your activities in the workplace and when something seems out of place or abnormal
- Talk to your co-workers to better recognize normal vs. abnormal behaviors
- Report concerning behaviors or statements made in person or through social media
- Don’t assume that someone else will report it, even if both/all saw it
Signs & Suspicious Activities of a Terrorist[2]
- Express or implied threats of committing a crime that could cause harm structures or people
- Surveillance activities. An unusual or prolonged interest in particular structures, places, or people, especially if being covert.
- Theft of credentials, uniforms, or equipment that may permit entry to a location
- Testing of security features, responses, or personnel
- Attempted intrusion or attack on a subject either physically or through technology (cyber)
- Eliciting information through questions beyond a normal curiosity regarding events, facilities, people, or operations
- Gaining specific skills or knowledge on a topic (e.g., facility security, military tactics, flying)
- Presenting false credentials or information to conceal possible illegal activities
What You Can Do About Terrorist Threat Behaviors
- Be alert and aware of your surroundings and the activities around you
- Don’t overshare personal or other information related to facilities, events, operations, etc.
- Report abandoned packages, bags, or items that may be hazardous
- Report concerning behaviors or statements made in person or through social media
If You See Something, Say Something
Understand that observing just one of the behaviors or suspicious activity does not prove that someone is engaging in insider threat or terrorist activities. But it is important to report a concern to the appropriate person(s) to review and determine any next steps, if warranted. With each report, a more complete picture can be put together and assessed by the appropriate authorities, be it security, human resources, or law enforcement.
Do not assume that someone else has reported what you saw and don’t think of it as being a tattletale. It is better to report it and be wrong than say nothing and be right. If what you observed or heard makes you uncomfortable, trust your instincts. If you see something suspicious, say something!
[1] https://www.fbi.gov/investigate/terrorism
[2] https://www.dhs.gov/see-something-say-something/recognize-the-signs